Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6899 — Project Bluez vulnerability

CWE-167 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

10.0%

top 6.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Bluez Project Bluez

Timeline

PublishedDec 31

Latest updateMay 1

Description

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages1 packages

▶NVDbluez_project/bluez2.24

🔴Vulnerability Details

GHSA

GHSA-3c54-jw9j-cwjh: hidd in BlueZ (bluez-utils) before 2↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

BlueZ 1.x/2.x - HIDD Bluetooh HID Command Injection↗2007-11-16

▶

📋Vendor Advisories

Ubuntu

BlueZ vulnerability↗2007-01-24

▶

Red Hat

security flaw↗2006-12-28

▶

💬Community

Bugzilla

CVE-2006-6899 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-6899 Bluetooth HID key events injection flaw↗2007-02-02

▶